Now, I understand NTA already has enough to do right now, and with the Nuketown update being so highly anticipated, it's not hard to understand why.

 

However, it seems even though the latest revision of IW5M should have fixed the GUID spoofer issue (according to what I've heard around here), it seems it hasn't.

 

Recently (today, in fact), the WarZone servers (now, before you say I'm posting this with bias since I'm admin there - I just need to inform so more servers don't fall victim) have been attacked by this GUID spoofer, nicknamed Halloweed01 (he was already reported in the Spanish section - viewtopic.php?f=21&t=22059&p=179173). The WarZone servers are running the latest update (you know, the one where the server crashes with every odd character), so that should not be the reason.

 

More servers could have already fallen victim - in fact, they already have, according to link posted above. I hope that you will be able to find a solution soon after working on all the latest updates, so that the server amount in IW5M continues to thrive, instead of fall due to too many issues due to the GUID spoofing issue that currently exists within the current IW5M and previous IW5M revisions.

Halloweed is a little bitch who's asking for hacks from mw2player and Kenshin13. I gave NTA and Pigo the aCI bypass they used though I don't know if they've patched it yet.

'attacked'

 

1) ban by ip address

2) enable admins by ip or some secret password

'attacked'

Yes, attacked. It got to such an extent that the WarZone servers owner completely dropped support for IW5M and shut down all IW5M servers until further notice.

 

Announcement regarding Modern Warfare 3

All Modern Warfare 3 servers have been closed down until further notice. Please do not post any ban appeals as MW3 servers may never return.

in TF2 there are many free-to-play hackers, solution: ban by ip, not by id.

Those servers shutting down just says that they can't be bothered doing their jobs as admins.

Use wideban and login plugins.

Solved

in TF2 there are many free-to-play hackers, solution: ban by ip, not by id.

Those servers shutting down just says that they can't be bothered doing their jobs as admins.

That's the thing, we have banned by IP multiple times and they keep returning

A funny way to ban a person is by their computer name and some other random shit that you can add that will check the name to see if it matches the original ban list.

Don't play IW5M => Problem solved.

 

and this

Those servers shutting down just says that they can't be bothered doing their jobs as admins.

Don't play IW5M => Problem solved.

Your very helpful.

 

Also regarding the IP banning, VPN's do exist. We have added a ping limit to stop mw2player and Kenshin joining the WarZone servers but this new Halloweed guy has a ping lower than that. If we were to lower the ping limit, we would loose a lot of players. In a way, you fail to realize that it is the games and Anti Cheat's fault. I, alone, banned 5 users from a server for aimbotting in 1 game. Server owners should not have to 'deal' with these faggots because they keep coming back.

so you not asking for password identification is the game's fault?

 

also, do note, I don't care about IW5 as it's a dead end as opposed to IW4

so you not asking for password identification is the game's fault?

That is a temporary fix for a permanent problem.

I gave NTA and Pigo the aCI bypass they used though I don't know if they've patched it yet.

and how would that help with fixing the NP ticket issue, which I have no means to debug as I don't know what utility/method they use to change the reported ID?

Now keep in mind that when you set the admin passwords on the database, it has to be saved as MD5 (on "function" type)

Then

!login [pass]

Keep in mind that the login message will show up on public chat. So you better not login when the spoofer or some snitch is there.

I'm not sure if something like that would fit infinityscript definitions, but it would be useful to have a script that would hide from public chat any message containing "!login". The complicated part is that it has to get to games_mp.log, but not to the in-game chat output.

The ideal would actually be to hide any message starting with "!", since those are just rcon commands.

Keep in mind that the login message will show up on public chat. So you better not login when the spoofer or some snitch is there.

The ideal would actually be to hide any message starting with "!", since those are just rcon commands.

add a / in front of the '!'?

that feature has been in for 2 years now

You can use /!login for hiding this command...

 

EDIT: NTA is quicker :>

EDIT: NTA is quicker :>

EDIT 2:

...I got owned...

outch...

I gave NTA and Pigo the aCI bypass they used though I don't know if they've patched it yet.

and how would that help with fixing the NP ticket issue, which I have no means to debug as I don't know what utility/method they use to change the reported ID?

nobody know?

I gave NTA and Pigo the aCI bypass they used though I don't know if they've patched it yet.

and how would that help with fixing the NP ticket issue, which I have no means to debug as I don't know what utility/method they use to change the reported ID?

nobody know?

Obviously, no. Also, you might know this already, but they can 'spoof' their xuid to match yours, only if you're registered in the B3 database. Or atleast that's what I think, since someone tried it on me but he couldn't as I was not registered.

Do you think that they need to grab the guid from some b3 database when they can just grab it from the forum ID ?

Now... I don't really know how this works, but... let's say that there's some "token" and that the dedicated server checks that token... the explanation for the easy spoofing would be if they managed to check the tokens the same way that the dedicated server does, and clone them. Meaning that they could use our guids by cloning our tokens as long as they're valid (that would also explain the third "dword" that they inject)

 

p.s.: when locking topics such as this one -> viewtopic.php?f=30&t=22339, atleast tell them to use login plugin.

I fucking hate seeing an unresolved topic locked and not being able to post a solution...

p.s.: when locking topics such as this one -> viewtopic.php?f=30&t=22339, atleast tell them to use login plugin.

Fixed.

so you not asking for password identification is the game's fault?

That is a temporary fix for a permanent problem.

how is it temporary?

Someone should test it...

nobody know?

 

For IW4M its https://dl.dropbox.com/u/23865950/iw4m/ ... 20Hack.exe

 

And it just does:

 

private static IntPtr GUIDAddress = (IntPtr) 0x0649D698; //address where GUID is located

...

WriteProcessMemory(Process.Handle, GUIDAddress, guidBytes, 16, out unused); //write GUID

written in C# me gusta.

I gave NTA and Pigo the aCI bypass they used though I don't know if they've patched it yet.

and how would that help with fixing the NP ticket issue, which I have no means to debug as I don't know what utility/method they use to change the reported ID?

nobody know?

NP is yours, you fix it. (like srsly the only people who know whats going on here is you, me, lmaobox, kenshin)

 

I still think that my authentication idea (if you don't know what it is, then go look at logs) should be implemented for IW4M and IW5M, and develop b3 plugins to use the authentication too. (+InfinityScript, but it would just be getting a dvar or so)